MasterCard, Visa, Paypal and 4chan - The furor of WikiLeaks unleashed

Today was certainly not a boring day in the annals of security news. Yesterday the forces of Anonymous (4chan) decided to take issue with the perceived censorship of government critics by performing DDoS (Distributed Denial of Service) attacks against entities involved in removing WikiLeaks from the internet.

The most prominent attacks by the legion of Anonymous began by targeting PayPalblog.com. Strangely, they did not attempt to take PayPal itself down, but went after the public mouthpiece of the company. Early on December 8th US Eastern time they began attacking MasterCard.com as noted by Carole Theriault.

For the most part, disrupting MasterCard.com didn't impact payment card processing. However, some MasterCard customers subscribe to a secondary form of authentication called SecureCode. This requires that you enter an additional security code when making online purchases using your credit card. The denial of service against MasterCard's web presence prevented customers using this technology from making online purchases during the attack.

After largely succeeding in the attack against MasterCard, Anonymous began to attack Visa.com. Despite 4chan's claims that they were bringing Visa to its knees, I was able to access their website throughout the attack. At the same time, Twitter began to suspend accounts related to the coordination of the attacks, such as @Anon_Operations and @AnonOperation.

As I have mentioned previously, it is against the law to participate in DDoS attacks, even if many people are angry about the coordinated efforts to shut down WikiLeaks.

The public has had its eyes opened to how easy it is for a small group of internet users to have a large impact on the functioning of major websites. Unfortunately the internet is still a growing entity and is not yet strong enough to defend itself against determined adversaries.

Don't let yourself be found in the position of US diplomats... Protect your data.

First and foremost, Wikipedia vandalism is doable by anyone. It's actually very unlikely that any 4chan member will do such a thing, because it is so trivial.
4chan.org has been DDoS'd many times before, a few times very recently. However all of those times have been done by individuals who, just like the anon community, simply enjoy bringing people grief for their own amusement. All it takes is a meeting with the network provider, an explanation and investigation into what happened, and a server reset, which takes a few days at most.
Anon fights for what they believe in. It may not be the same thing you do.

It takes a sophisticated form of intelligence to do hacking like that. How can they be that intelligent and yet fail to grasp the idea that freedom of speech is not absolute? Most of us learn in grade school that you don't yell fire in a crowded theater (unless there really is one.) Police would be unable to perform many of their investigations without secrecy, Would those Wikileak idiots go into PD files and publish the names of all their informers and undercover agents? They probably would; they just haven't thought about it yet. Would they go into governmental HR files and publish all of the data there for the whole world to see? Most people count on certain forms of secrecy in their lives, and we expect our government to maintain secrecy as well. If Wikileaks had been around during WWII, we would all be speaking German and Japanese, because those idiots would have publicized all the battle plans, all the locations of our armed forces, etc. Wikileaks and those who are, in their "minds," getting even for what happened to Wikileaks, should all be hanged, every last one of them.

You are so wrong in so many ways, DDoS attacks are not hacks, just a lot of extra traffic. The Anon group does not want to compromise sensitive government data which would let's say, reveals information which leads to getting someone killed, no. Anon wants to reveal all the immoral things about our government, random people, websites, and protect wikileaks and other "friendly" websites from unfriendly targets.

If your neighbour is a serial-killer, would you "respect their privacy" and not expose them? And would you hang any other neighbour who did so? What a moronic argument. And as your first statement goes, you DO yell fire in a crowded theater if there is one. And have you seen them expose secret battle plans more than evil deeds?

I was on /b/ last night when they announced the attack at 10 or so. There's actually a lot of differing opinion on 4chan about what is going on. I'd say half the ppl on 4chan think the attacks are ridiculous.

Carole T, one of your employees should really do her research before releasing comments to the BBC and Telegraph.

If she did her research she would know that LOIC does not directly allow someone else to use your computer, just like windows aid from distance a few years back. It has however the option to -give- someone else acces to input data to guide you.

As well, anonymous does not have a spokeperson or aligned to any website (like 4chan). So certain things you are claiming in your article a nonsense.

Anonymous is a group, in the sense that a flock of birds is a group. How do you know they're a group? Because they're travelling in the same direction. At any given moment, more birds could join, leave, peel off in another direction entirely. It does not have a core.

/b/ is not 4chan, and this isn't a sad little raid like normal-- it's the first real "internet protest" that isn't for lulz but to make a point: wikileaks is clearly being made the enemy for simply revealing truth to power. whether it was illegal or not is besides the point, it was heroic (and probably blindly stupid, but whats the difference sometimes) and points to the future of what the internet could achieve for social justice. doesn't matter anyway, now the IDEA exists-- if it's not wikileaks, torrents are unstoppable. seed the data. inform the major networks. FYI: this wasn't covered *at all* on network tv news for hours and hours. surprised?

The anon group is mad at Mastercard and Paypal because they aren't allowing donations to wikileaks, and pretty much anything wiki. Mastercard and Paypal being the common payment method it's not easy for money to be donated, therefore the wikileaks guy loses money.

So on one hand, 4chan will go all out to identify a single teen who posted a cat abuse video. Good. On the other, they will attack services like paypal & credit cards used by charitable entities, like animal rescue groups who have an ongoing commitment to combat animal abuse, and need donations to function. Not good. It needs to be understood that it isn't all about consumers buying junk: real suffering is caused to worthy causes and people as well.

But the only language some people understand is that of the pocketbook.

Now, I'm not condoning what Anonymous did, but it's a complicated world. It's easy to figure out what to do when it's a single kid hurting cats. It's much harder to go after wrongs being committed in an interconnected world surgically, without causing collateral damage.

I think it's important to take a step back and look at the situation surrounding Anonymous and Wikileaks: that we no longer trust our governments or corporations to operate in our best interests, and that whole segments of the population feel so devoiced that they no longer choose legal means of being heard.

But this isn't a political blog, so I'll stop there.

I just wish we knew how to better mobilize protests in the digital age. The Facebook ones over privacy failed miserably, and it's hard to tell whether the TSA ones have gotten any traction either. . .

"I think it's important to take a step back and look at the situation surrounding Anonymous and Wikileaks: that we no longer trust our governments or corporations to operate in our best interests, and that whole segments of the population feel so devoiced that they no longer choose legal means of being heard. "

This. That's the primary problem. Anonymous feels they have no voice or not enough voice if they choose legal actions. So they choose illegal actions, and justify them with "the end justifies the means".

From what I understand, these "Anon" groups are not all the same. They are also not all from 4chan... and by saying that you are putting the blame on everyone on the internet who uses 4chan or who calls themselves anonymous.

Yeah let's get some facts straight. As already mentioned above, 4chan is not the Anonymous. 4chan is an image board; that is, pretty much like your usual forum but you can attach an image to your post (or attach a post to your image, if you want to think of it that way) and you can post there without creating an account - in fact image boards don't have account systems. You may post with a name, and if you don't, the software will tag you as Anonymous, from which the group took its name. Threads are also perishable as there's a maximum amount any board section will hold at a time.

It is true of course that there is a connection. The Anonymous first organized on 4chan's random talk board and have adopted as their symbol both the suit-wearing an without a face (or alternatively a green "no image available" head) and the mask from "V for Vendetta" movie for their public protests. They still post on 4chan to deliver their message, I guess because it is an easy way to reach a large audience - just check 4chan's Alexa rating. I myself hang out on 4chan to discuss stuff, but since I mostly confine myself to /a/, /co/ and /tg/ boards, I don't have a very clear image of the Anonymous' formation.

Alot of the people who browse 4chan's famous board /b/ aka random are within the age group of 13 -16. The so called hackers, are just teens who are stupid enough to follow directions on another site which they think is awesome, but in reality, is plain stupid. The founder of 4chan tried serveral times to remove this childish behavior in this so called Random board, but his own site was taken offline by the so called "Anonymous." 4chan was originally made for humor and anime otaku fans, but soon became a mess of people who got in one little fight and their mom got scared, who made them move with their auntie and uncle in bel air.

Wow as if the anons from 4chan are master hackers that can ddos even the fbi website. They're just kids that think what they do is cool. They're not villains. They use stuff like: http://en.wikipedia.org/wiki/LOIC and call themselves hackers.

It looks like you just took the last 3 anon articles and threw up the comment sections in this message, DDoS attacks cannot be performed on private websites, however you can hack your way into administrative access and fuck shit up all you want.

@Tawrich - the 'anon' from my school that was a 'kid thinking what he's doing is cool' when caught by the police in someone else's house with a bag full of electronics wasn't a villain either; bless him. It would be great to see you congratulating him for 'being cool', when he's got a bag of goodies from your house, or if he's Wiki'd 'Trojan' and used it to take control of your laptop; which is sending out spam from your email address and serving porn to the world. Tch, bless those crazy kids!

About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics.
You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.